Blame packages/n/nvme-cli/0100-harden_nvmf-connect@.service.patch
|
Bernhard M. Wiedemann |
f155be |
---
|
|
Bernhard M. Wiedemann |
f155be |
nvmf-autoconnect/systemd/nvmf-connect@.service | 11 +++++++++++
|
|
Bernhard M. Wiedemann |
f155be |
1 file changed, 11 insertions(+)
|
|
Bernhard M. Wiedemann |
f155be |
|
|
Bernhard M. Wiedemann |
f155be |
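--- a/nvmf-autoconnect/systemd/nvmf-connect@.service
+++ b/nvmf-autoconnect/systemd/nvmf-connect@.service
@@ -9,6 +9,17 @@ PartOf=nvmf-connect.target
 Requires=nvmf-connect.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=simple
 Environment="CONNECT_ARGS=%i"
 ExecStart=/bin/sh -c "nvme connect-all --quiet `/bin/echo -e '${CONNECT_ARGS}'`"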
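Review bot: The added block restricts filesystem and kernel-interface access but leaves the process itself unconfined: after `RestrictRealtime=true` there is no `NoNewPrivileges=`, no `CapabilityBoundingSet=` and no `PrivateTmp=`, so the `/bin/sh -c` wrapper on the unchanged `ExecStart=` line still runs with whatever privileges the unit has by default. That matters here because systemd expands `${CONNECT_ARGS}` (the instance string `%i`) into the shell command text before `sh` parses it, so the unit's safety depends on whatever generates the instance name. I would add `NoNewPrivileges=true` and `PrivateTmp=true` inside the marked block, plus a `CapabilityBoundingSet=` once the capabilities `nvme connect-all` needs have been confirmed on a test host; `systemd-analyze security` on an instantiated unit shows what remains open. Since the header comment says the lines were added automatically, a short comment recording that they were checked against a real fabric connect would help the next packager.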